openswan_2.6.28+dfsg-5~bpo50+1_i386.changes is NEW
(new) openswan-dbg_2.6.28+dfsg-5~bpo50+1_i386.deb extra debug
Internet Key Exchange daemon - debugging symbols
Openswan is an IPsec based VPN solution for the Linux kernel. It can use the
native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2
protocols are supported.
.
This package provides the symbols needed for debugging of openswan
binaries.
(new) openswan-doc_2.6.28+dfsg-5~bpo50+1_all.deb optional doc
Internet Key Exchange daemon - documentation
Openswan is an IPsec based VPN solution for the Linux kernel. It can use the
native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2
protocols are supported.
.
This package provides the free parts of the documentation for Openswan.
(new) openswan-modules-dkms_2.6.28+dfsg-5~bpo50+1_i386.deb optional kernel
Internet Key Exchange daemon - DKMS source
Openswan is an IPsec based VPN solution for the Linux kernel. It can use the
native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2
protocols are supported.
.
For support of the old-style KLIPS ipsecX network interfaces a custom
kernel module is needed.
.
This package contains source code for the Openswan IPsec kernel module,
which can be used with DKMS so that local kernel images are automatically
built and installed every time relevant kernel packages are upgraded.
.
Kernel versions >= 2.6.23 no longer need to be patched to provide NAT
Traversal support for KLIPS.
(new) openswan-modules-source_2.6.28+dfsg-5~bpo50+1_all.deb optional kernel
Internet Key Exchange daemon - kernel module source
Openswan is an IPsec based VPN solution for the Linux kernel. It can use the
native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2
protocols are supported.
.
For support of the old-style KLIPS ipsecX network interfaces a custom
kernel module is needed.
.
This package contains source code for the Openswan IPsec kernel module,
which can be used with tools like module-assistant or kernel-package
for manual building of local kernel images.
.
Kernel versions >= 2.6.23 no longer need to be patched to provide NAT
Traversal support for KLIPS.
(new) openswan_2.6.28+dfsg-5~bpo50+1.debian.tar.gz optional net
(new) openswan_2.6.28+dfsg-5~bpo50+1.dsc optional net
(new) openswan_2.6.28+dfsg-5~bpo50+1_i386.deb optional net
Internet Key Exchange daemon
Openswan is an IPsec based VPN solution for the Linux kernel. It can use the
native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2
protocols are supported.
.
The Openswan IKE daemon is named pluto. It was inherited from the FreeS/WAN
project, but provides improved X.509 certificate support and other features.
.
In order to use the KLIPS IPsec code instead of the native version, you will
need to either install openswan-modules-source and build the appropriate
module for your kernel or use openswan-modules-dkms which automates this
task.
(new) openswan_2.6.28+dfsg.orig.tar.gz optional net
Changes: openswan (1:2.6.28+dfsg-5~bpo50+1) lenny-backports; urgency=low
.
[Harald Jenny]
* Rebuilt for lenny.
.
openswan (1:2.6.28+dfsg-5) unstable; urgency=medium
.
[Harald Jenny]
* Fix exit value of previously added init script error checking patch so
it complies with Debian policy.
* Set urgency to medium due to reject of freeze exception for previously
uploaded package version.
.
openswan (1:2.6.28+dfsg-4) unstable; urgency=medium
.
[Harald Jenny]
* Picked up patch from 2.6.29 to fix issue with L2TP and transport mode
IPSec.
* Created patch to allow line break in manpage and removed corresponding
lintian override.
* Added ${misc:Depends} to doc package and removed override.
* Set urgency to medium due to backported NETKEY patch.
* Added two other CVE numbers to previous changelog entry.
* Picked up patch from 2.6.30 to fix issue with Windows XP L2TP connect.
* Added a patch to enhance the init script's error checking when doing
start/restart/reload (forwarded upstream for inclusion).
* Removed lintian override for debug package linking to openswan docs.
.
openswan (1:2.6.28+dfsg-3) unstable; urgency=HIGH
.
[Harald Jenny]
* Integrated upstream patch fixing regression introduced by the previous
security patch.
.
openswan (1:2.6.28+dfsg-2) unstable; urgency=HIGH
.
[Harald Jenny]
* Modified lintian override for long but unsplittable manpage line.
* Changed Vcs-Fields as Debian project switched from svn to git.
* Bump Standards for binary module package to 3.9.1 (no changes needed).
* Added upstream security patch fixing XAUTH Cisco handling code
(CVE-2010-3302, CVE-2010-3308, CVE-2010-3752, CVE-2010-3753).
* Set urgency to HIGH due to included security fix.
* Added lintian override for docs in debug package.
.
openswan (1:2.6.28+dfsg-1) unstable; urgency=medium
.
[Harald Jenny]
* New upstream release.
Closes: #566092: openswan: /usr/lib/ipsec/addconn does not like
defaultroutenexthop set to %direct
* Removed 2.6.34 git patches as they are now included in upstream package.
* Set urgency to medium due to important NETKEY fixes.
.
openswan (1:2.6.27+dfsg-1) unstable; urgency=low
.
* UNRELEASED
.
[Harald Jenny]
* New upstream release.
Closes: #357709: openswan: "ipsec showhostkey" doesn't understand X.509
certs
* Disabled most patches for now and modified the rest due to manpage
corrections from upstream.
* Modified lintian override for long but unsplittable manpage line.
* For security reasons change permission on /var/lib/openswan and
/var/lib/openswan/ipsec.secrets.inc.
* Removed old unused code from installation scripts.
* Removed old unused changelog.
* Limit the architectures where openswan's userspace and kernel binaries
are available to linux-any.
* Bump Standards to 3.9.0 (no changes needed).
* Include SAref patches in openswan-modules-source (2.6.32 from tar.gz,
2.6.34 from git).
* Made the dependency of the debug package on openswan versioned.
* Fixed rules file of binary openswan-modules package to use dh_prep.
* Incorporate translation updates.
Closes: #590109: openswan [INTL:de] updated German debconf translation
* Bump Standards to 3.9.1 (no changes needed).
* Added Replaces line for ike-server.
.
openswan (1:2.6.26+dfsg-2) unstable; urgency=low
.
* UNRELEASED
.
[Harald Jenny]
* Modified patch to fix some more minor manpage lintian errors.
* Added lintian override for long but unsplittable manpage line.
* Incorporate translation update.
Closes: #585598: openswan: [INTL:fr] French debconf translation update
.
openswan (1:2.6.26+dfsg-1) unstable; urgency=low
.
[Harald Jenny]
* New upstream release.
* Removed some obsoleted patches.
* Modified some patches for new upstream version.
* Added preinstall script to remove old duplicate init script.
Closes: #532348: openswan: installs dupliate init script /etc/init.d/setup
* Added patch to fix segfault of showhostkey with encrypted key (Thanks
to Kevin Locke for his patch).
Closes: #575757: openswan: showhostkey segfault with 3DES-encrypted host
key
* Changes debian/rules to only omit permission fixing where it's really
necessary.
Closes: #389680: openswan: wrong permissions of /etc/ipsec.d/examples
* Removed orphaned conflict with freeswan (not shipped anymore).
.
[Rene Mayrhofer]
* Openswan package now provides ike-server and conflicts with it.
Closes: #537762: openswan: pluto fails to start without manual
"modprobe ip_gre"
Closes: #583334: racoon and openswan: error when trying to install
together
.
openswan (1:2.6.25+dfsg-1) unstable; urgency=low
.
[Harald Jenny]
* Removed some obsoleted patches.
* Modified some patches for new upstream version.
* Adapted copyright file to include all used licenses.
* Added two upstream patches to fix userspace code for KLIPS (Thanks to
David McCullough for his patch).
* Added some lintian overrides for wrong copyright messages.
* Removed support for 2.4 kernel versions in openswan-modules packages.
Closes: #276521: openswan-modules-source: ipsec_aes.o & ipsec_cryptoapi.o
not kernel modules
* Rewroted parts of README.Debian.
Closes: #585549: openswan-modules-source: Build instructions outdated and
not working anymore
* Incorporate translation updates.
Closes: #527586: [INTL:es] Spanish debconf template translation for
openswan
Closes: #537430: [l10n] Czech translation for openswan
Closes: #570022: [INTL:sv] Swedish strings for openswan debconf
Closes: #579303: [INTL:sv] Swedish strings for openswan debconf
Closes: #570788: [I18N, DE] Updated german debconf translation for
openswan
Closes: #580452: openswan [INTL:de] updated German debconf translation
Closes: #575140: openswan: [INTL:fr] French debconf templates translation
update
Closes: #579199: openswan: [INTL:vi] Vietnamese debconf templates
translation update
Closes: #579381: openswan: [INTL:vi] Vietnamese debconf templates
translation update
Closes: #581501: openswan: [INTL:vi] Vietnamese debconf templates
translation update
Closes: #580437: openswan: [INTL:pt] Updated Portuguese translation for
debconf messages
Closes: #581253: openswan: [INTL:pt] Updated Portuguese translation for
debconf messages
Closes: #581561: openswan: [INTL:ru] Russian debconf templates
translation update
.
[Rene Mayrhofer]
* New upstream release.
* Polished README.Debian, NEWS.Debian, and other documentation files.
.
openswan (1:2.6.24+dfsg-2) unstable; urgency=low
.
* UNRELEASED
.
[Harald Jenny]
* Fixed init script to correctly provide ipsec satisfying lintian.
Closes: #539121: NMU patch used for version 1:2.6.22+dfsg-1.1
Closes: #537335: Fix LSB header in programs/setup/setup.in to fix init.d
script
* Switch to dpkg-source 3.0 (quilt) format
* Cleaned up duplicate html-pages and move documentation to openswan-doc
package satisfying lintian.
* Removed plain rsa key creation from openswan package as nowadays X.509
certificates are commonly used.
Closes: #446556: openswan installation takes a very long time without any
warning
Closes: #523339: openswan: Openswan security update creates a second host
key in /etc/ipsec.secrets
* Enhanced X.509 certificate import by making it possible to integrate a
RootCA file.
* Modified X.509 menus to reflect changes in create/import procedures.
.
openswan (1:2.6.24+dfsg-1) unstable; urgency=medium
.
* UNRELEASED
.
[Harald Jenny]
* New upstream release.
* Removed bash-patch for scripts as problem is fixed upstream.
* Removed dependency on xmlto as this processing is now done upstream.
* Added fix from Ubuntu to compile with gcc-4.4 (Thanks to Fabrice
Coutadeur for his patch).
Closes: #505600: [PATCH] FTBFS with GCC 4.4: dereferencing type-punned
pointer will...
* Modified package descriptions.
* Remove two directories after build process to satisfy lintian.
* Modified template wording.
* Added three upstream git patches to fix some bugs in KLIPS.
* Added patch for manpage to fix lintian error.
* Removed orphaned opportunistic encryption question from package.
* Fix some duplicated and mangled manpages.
* Fixed some little lintian issues.
* Fixed some little issues in module-building-process.
* Recommend module-assistant and linux-headers for module-source package.
* Fixed package dependencies.
* Dropped NAT-T patches as they are no longer need for kernels >= 2.6.23.
* Dropped old compatibility code for translations.
* Dropped possibility to select between different Start/Stop-Levels as the
current system startup already handles such situations.
* Changed building of plain RSA key to store it in a separate file under
/var/lib/openswan and then include it in /etc/ipsec.secrets (idea taken
from strongswan package).
Closes: #561473: prompting due to modified conffiles which where not
modified by the user
* Fix postinstall script when using existing X.509 certificates (Thanks to
Kevin Locke for his patch).
Closes: #572849: openswan: postinst fails with existing certificates
* Dropped ancient code for fixing wrong legacy RSA keys.
* Added a debug package for openswan.
Closes: #477677: Missing dbg version of the package
* Added a dkms package for openswan-modules to simplify KLIPS deployment
for normal users (ideas and code taken from batman-adv-dkms and
sl-modem-source)
.
[Jari Aalto]
* debian/control
- (Build-Depends): Remove coreutils (E: lintian).
Add version 7.1 to debhelper (W: lintian).
- (Standards-Version): Update to 3.8.4.
- (Vcs-*): Add version control headers.
- (openswan::Depends): Add ${misc:Depends} (W: lintian).
- (openswan-dbg::Depends): Add ${misc:Depends} (W: lintian).
- (openswan-dbg::Description): Extend description string to (W: lintian).
- (openswan-modules-source::Depends): Add ${misc:Depends} (W: lintian).
- (openswan-modules-dkms::Depends): Add ${misc:Depends} (W: lintian).
* debian/patches
- (number 10): Add LSB dependency $remote_fs (E: lintian).
- (number 29): Fix bashism n programs/_startklips/_startklips.in
(important; Closes: #530155). Note: in the bug report is
also reported bashism in programs/_realsetup.bsd/_realsetup.in, but
that is false positive. The code in line 268 is correct. The place is
just too complex for checkbashisms(1) to check correctly. File
programs/_realsetup.bsd/_realsetup.in comes clean from "dash -nx".
- (number 30): programs/rsasigkey/rsasigkey.8:
Fix Invalid or incomplete multibyte or wide characters invalid
combination of <U+0080><U+0099>. (minor; Closes: #464620).
- (number 31): programs/_updown/_updown.8:
Fix Invalid or incomplete multibyte or wide characters. See above,
- (number 33): Add missing lib to fix Gcc 4.4 build
programs/pluto/fetch.c:393: error: undefined reference to 'ber_free'.
(minor; Closes: #555950).
- (number 35): Fix all Perl *.pl patch to /usr/bin/perl (W: lintian).
- (number 40) programs/_confread/ipsec.conf.5. Fix spelling (W: lintian).
Fix groff error in line 1006: warning [p 12, 8.7i]: can't break line.
- (number 42) programs/lwdnsq/lwdnsq.8:: Fix spelling (I: lintian).
- (number 43) programs/pluto/ipsec.secrets.5: Fix spelling (I: lintian).
- (number 44) programs/_updown/_updown.8: Fix spelling (I: lintian).
- (number 45) programs/barf/barf.8: Fix spelling (I: lintian).
- (number 46) programs/pluto/pluto.8: Fix spelling (W: lintian).
Fix groff error in line 47: groff error in line 47 (can't break line).
- (number 47) programs/eroute/eroute.8: Fix lines 17-21 groff
warning [p 1, 1.5i]: can't break line (W: lintian).
- (number 48) programs/auto/auto.8:
Fix groff line 36 warning [p 1, 4.3i]: can't break line
(W: lintian)
- (number 50) The big-bang patch to change 51 files to fix incorrect
TH and NAME entries and incorrect wide character codes \'s.
(W: lintian manpage-has-bad-whatis-entry). (minor; Closes: #493755).
- (number 60) lib/libopenswan/x509dn.c: Fix spelling (W: lintian).
- (number 61) programs/pluto/ocsp.c: Fix spelling (W: lintian).
- (number 62) linux/net/ipsec/pfkey_v2_build.c: Fix spelling (W: lintian).
- (number 63) programs/pluto/ikev2_x509.c: Fix spelling (W: lintian).
- (number 64) programs/eroute/eroute.c: Fix spelling (W: lintian).
- (number 65) programs/pluto/demux.c: Fix spelling (W: lintian).
- (number 70) packaging/utils/kernelpatching.sh:
Add missing shebang line (W: lintian).
* debian/README.source
- New file (W: lintian).
* debian/rules
- Remove EOL whitespaces.
- (clean): fix debian-rules-ignores-make-clean-error (W: lintian).
- (install-openswan): change dh_clean -k to dp_prep (W: lintian).
Remove empty directory usr/bin (I: lintian).
- (install-openswan-modules-dkms): chmod 755 all *.sh and *pl
(W: lintian). Remove empty debian dir (W: lintian). Set permissions
of setup and sshenv to 644 (W: lintian executable-not-elf-or-script).
- (install-openswan-modules-source): chmod 644 sshenv setup (W: lintian).
* debian/openswan.postinst
- (Warn): new function.
- (Error): new function.
- (configure): Add if-checks for non-existing cert files that may
cause problems. Add --verbose to cp(1). Send errors to stderr.
(post-installation script returns error; normal; Closes: #309692).
.
[Rene Mayrhofer]
* Fixed copyright issue to satisfy lintian.
* Polish descriptions and texts in control and debconf templates.
* Added Harald Jenny as Uploader.
.
openswan (1:2.6.23+dfsg-1) unstable; urgency=low
.
* New upstream release.
Closes: #551565: openswan: new version 2.6.23 is available -
resolves problem with SA refcount
Closes: #539121: NMU patch used for version 1:2.6.22+dfsg-1.1
Closes: #532348: openswan: installs dupliate init script
/etc/init.d/setup
Closes: #542657: prompting due to modified conffiles which where
not modified by the user
.
openswan (1:2.6.22+dfsg-1.1) unstable; urgency=low
.
* Non-maintainer upload.
* Fix LSB header in programs/setup/setup.in to fix init.d script
(Closes: #537335).
.
openswan (1:2.6.22+dfsg-1) unstable; urgency=HIGH
.
Urgency high because of security release.
* New upstream release. Closes a security bug in the ASN.1 parser (no
CVE number at this time).
Closes: #528747: [FTBFS] cannot build with kernel 2.6.29-2-686
* The linux-patch-openswan package is no longer built, as this new
upstream release no longer requires a kernel patch for proper NAT-T
support with KLIPS (thanks to Harald Jenny).
Closes: #535876: linux-patch-openswan: bashism in /bin/sh script
.
openswan (1:2.6.21+dfsg-2) unstable; urgency=low
.
* The new upstream release should also compile with newer Debian
kernels.
Closes: #522112: openswan-modules-source: Fails to build with kernel
2.6.26
* Removed ununsed scripts in linux-patch-openswan that have security
issues.
Closes: #496376: The possibility of attack with the help of symlinks
in some Debian packages
.
openswan (1:2.6.21+dfsg-1) unstable; urgency=low
.
* New upstream release
Closes: #521949: CVE-2009-0790: DoS
.
openswan (1:2.6.20+dfsg-6) unstable; urgency=low
.
* Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the
security team for providing the patch.
Closes: #521949: CVE-2009-0790: DoS
Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
to a denial of service attack via a malicious packet.
.
openswan (1:2.6.20+dfsg-5) unstable; urgency=low
.
* Mea culpa (again). Fix the fix.
Closes: #520082: openswan: reincarnation
* Correct the build dependency for openswan-modules-source. Thanks
to Harald Jenny for the patch.
.
openswan (1:2.6.20+dfsg-4) unstable; urgency=low
.
* Backticks got messed up when applying last patch to init script to
check for user id instead of / being writable.
Closes: #520082: openswan: init script bug: "permission denied (must
be superuser)"
.
openswan (1:2.6.20+dfsg-3) unstable; urgency=low
.
* Actually, mark ipsec.conf and ipsec.secrets as conffiles but avoid
editing them. Sorry for the blunder, reverting the last patch.
* The last upload was also messed up in terms of source package
(the orig.tar.gz was missing, so it was erroneously created as
native source).
.
openswan (1:2.6.20+dfsg-2) unstable; urgency=low
.
* Fix a few problems caused by changes in upstream packaging, e.g. to
no longer require no_oe.conf hackery as there is now a config file
option. Removed debconf question for now (commented out, actually).
Closes: #515098: overwrites local configuration
* No longer advertise the debian-openswan@gibraltar.at mailing list as
support address, as I have deleted it. My personal email address
should be used again.
* I agree that md[25].[ch] are sufficiently compatible with distribution
in this Debian package according to http://www.ietf.org/ietf/IPR/RSA-MD-all.
IANAL, but as far as I judge the situation, there is no license issue.
Closes: #405363: openswan: contains non-free files
* Updated Swedish debconf translation
Closes: #518498: [INTL:sv] Swedish strings for openswan debconf
* Add libcurl4-openssl-dev to the list of Build-Dep alternatives and
remove lynx, which is no longer required for building.
* Explicitly remove directories /etc/ipsec.d and /var/run/pluto on purge.
Closes: #455112: openswan -- Doesn't purge all files after piuparts
Install+Upgrade+Purge test
* Don't check if / is writable in init script. This doesn't make sense
for readonly filesystems.
Closes: #499837: Will not start when / is mounted read only
* No longer mark ipsec.conf and ipsec.secrets as conffiles, as they
are modified by postinst. Although I don't particularly like this
method of patching DEBIAN/conffiles, I don't have a better solution
right now. Thus take patch from Mathieu Parent.
Closes: #515095: programmatically modifies a conffile
Integrated cleanup patch, also thanks to Mathieu Parent:
* Add 'rm -rf OBJ.*' in clean target.
Closes: #517703: openswan_1:2.6.20+dfsg-1(mipsel/unstable): FTBFS with
-rsudo
* clean generated doc/manpage.d/*.html and doc/index.html
.
openswan (1:2.6.20+dfsg-1) unstable; urgency=low
.
* New upstream release. This no longer ships the fswcert tool, so skip
building and installing it in the Debian package as well.
Closes: #315559: openswan: sometimes does not use ipsec.o module but
uses af_key.o module
Closes: #405601: /etc/init.d/ipsec stop doesn't work correctly
Closes: #487566: ipsec livetest fails due to missing file
Closes: #524184: openswan: %any does not work in ipsec.secrets
Closes: #564054: Pluto fails with error status 134 (signal 6)
Override entries for your package:
Announcing to debian-backports-changes@lists.debian.org
Your package contains new components which requires manual editing of
the override file. It is ok otherwise, so please be patient. New
packages are usually added to the override file about once a week.
You may have gotten the distribution wrong. You'll get warnings above
if files already exist in other distributions.
utions.
Reply to: